Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-02 15:44:44 -05:00
Code Issues Packages Projects Releases Wiki Activity

do not set kernel boot parameter page_poison=1 in Qubes since does not work

Browse Source 
https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012
This commit is contained in:
Patrick Schleizer 2019-11-05 10:02:55 -05:00
parent f57702c158
commit 94d40c68d4
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
etc/default/grub.d/40_kernel_hardening.cfg
View File

@ -7,8 +7,13 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
## Enables sanity checks (F), redzoning (Z) and poisoning (P). ## Enables sanity checks (F), redzoning (Z) and poisoning (P).
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZP" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZP"
## Wipes free memory so it can't leak in various ways and prevents some use-after-free vulnerabilites. if command -v "qubesdb-read" >/dev/null 2>&1 ; then
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_poison=1" ## https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012
true "skip adding page_poison=1 in Qubes"
else
## Wipes free memory so it can't leak in various ways and prevents some use-after-free vulnerabilites.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_poison=1"
fi
## Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit. ## Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"